Malware utilized in the attack last month on the developers' site PHP.net used a unique approach to avoid detection, a security expert says.
On Wednesday, security vendor Seculert reported finding that one of five malware types used in the attack had a unique cloaking property for evading sandboxes. The company called the malware DGA.Changer.